WASHINGTON – The U.S. Justice Department says authorities in more than 10 countries have disrupted a European-based band of hackers that implanted viruses on computers around the world, allowing them to seize customer bank information and steal more than $100 million from businesses and consumers.
Among the participants in the crackdown was the Quebec RCMP Integrated Technological Crime Unit, which announced Monday that it worked with other law enforcement agencies and telecommunications companies to disrupt the 10 different computer servers used by the criminal network, including two servers in Montréal.
According to allegations unsealed by the FBI, one scheme infected computers with malicious software that captured bank account numbers and passwords, then used that information to secretly divert millions of dollars from victims’ bank accounts to themselves. In another scheme, victims were locked out of their own computers by the criminal software, which demanded ransom payments of several hundred dollars in order to relinquish control.
In Canada, the RCMP estimates there were more than 5,000 victims of the ransomware known as Cryptolocker, with potential losses close to $1.5 million.
The FBI called the alleged ringleader, 30-year-old Evgeniy Bogachev, one of the most prolific cyber criminals in the world and issued a “Wanted” poster that lists his online monikers and describes him as a boating enthusiast. He faces criminal charges in Pittsburgh, where he was named in a 14-count indictment, and in Nebraska, where a criminal complaint was filed. He was not in custody, but Deputy Attorney General James Cole said U.S. authorities were in contact with Russia about seeking his arrest.
The case is unrelated to the recently unsealed cyber-espionage indictment of five Chinese army hackers accused of stealing trade secrets from American firms using another type of software known as BlackShades. The RCMP was also involved in that investigation, announcing May 19 that Canadian police had raided homes in Montreal and elsewhere in Quebec.
Though those cyber-attacks relied on similar tactics — including sending emails to unsuspecting victims with links that installed malware — the hackers in the Chinese case, unlike this one, were government officials.
Bogachev’s operation, prosecutors say, consisted of criminals in Russia, Ukraine and the United Kingdom who were assigned different roles within the conspiracy. Authorities say the group is responsible for the development of both “Gameover Zeus” — a network of infected computers that intercept bank account numbers and passwords — and “Cryptolocker,” malicious software that hijacks victims’ computers and demands ransom payments.
The victims of the schemes include an American Indian tribe in Washington state; an insurance company and a firm that runs assisted living centres in Pennsylvania; a local police department in Massachusetts; a pest control company in North Carolina; and two Florida businesses, a restaurant and a regional bank.
The Pittsburgh indictment unsealed Monday accuses Bogachev’s group of trying to siphon hundreds of thousands of dollars from the bank accounts of Haysite Reinforced Plastics of Erie, in northwestern Pennsylvania, on a single day in 2011. According to the indictment, two of the transfers went through — one for about $198,000 and one for about $175,000 — but multiple other attempted transfers did not go through.
Officials with Haysite did not immediately return phone calls for comment Monday. The accounts were with Pittsburgh-based PNC Bank, which declined to comment.
The Florida bank lost nearly $7 million through an unauthorized wire transfer. The Massachusetts police department, on the other hand, lost $750 when it paid a ransom demanded by the malicious software that infected its computers.
Last week, a federal judge in Pittsburgh granted a temporary restraining order against Bogachev and the others, demanding that they cease such activities. That order was unsealed along with the charges Monday.
With reports from The Associated Press and The Canadian Press.